
Re: COMPROMISE? PINE Debian Package



On Thu, Apr 23, 1998 at 04:41:15PM -0700, George Bonser wrote:
> > I believe the package maintainer has commented on this thread already and
> > seems at least interested in the prospect of a pine-src package which
> > would probably end up in slink and hamm-updates.  This may not be the
> > simplest solution, but the UoW doesn't want us to have the simple
> > solution.
> 
> Would this work:
> 
> Put the source and diff on the site and make a -src package to build a
> .deb as is currently done with qmail.

This sounds reasonable.


> At the same time, submit the .diff to UofW for approval and AFTER
> approval, put a binary in the archive with a provisional agreement that
> should an emergency security issue arise, debian could TEMPORARILY
> replace the binary with an emergency secured binary pending the
> disposition of the security changes.
> 
> In other words, under most circumstances, the binary would not change
> until approved by UofW except under emergency circumstances.

Not sure UofW is going to like that, or even that the maintainer will like
it.  The above -src package is probably all that is REALLY needed to
satisfy what they want (no potential back-doors in the binaries) so it
might not be needed for that standpoint.

For the point of the approval of patches to make a binary image, it's
almost a non-issue with the src package because the src package will
always be preferred for reasons of the bugs fixed and features added.  If
you're worried about the maintainer putting in a back door, you probably
should not be using a linux dist and should be instead building everything
from source..

And it can be made almost idiotproof to compile pine-src, really it can..
